How-To Geek

Microsoft Security Essentials (Windows Defender on Windows 8) was once on top. Over the years, it’s slid in the test results, but Microsoft argued the tests weren’t meaningful. Now, Microsoft is advising Windows users to use a third-party antivirus instead.

This revelation comes to us from an interview Microsoft gave. Microsoft’s official website still bills MSE as offering “comprehensive malware protection” without any hint that they no longer recommend using it. Microsoft is not communicating well with its users.

Update: Microsoft has now released a statement, saying “We believe in Microsoft antimalware products and strongly recommend them to our customers, to our friends, and to our families.” Their statement unfortunately doesn’t directly address Holly Stewart’s comments or MSE’s history of worsening test scores. Given MSE’s poor scores, all the stories we’ve heard about it failing people in the real world, and Microsoft’s inconsistent communication, we still don’t feel we can recommend MSE anymore.

Update 2: In the year and a half since we published this article in 2013, Windows Defender’s test scores have improved. It still scores lower than almost every other antivirus app, but at least its performance isn’t nearly as low as it once was. For a more up-to-date view of our current antivirus recommendations, click here.

A Strong Start

Microsoft Security Essentials was once on top of the rankings. In 2009, AV-Comparatives.org gave it a very high score and said it was the best-performing free antivirus.

MSE was very appealing to Windows geeks like us, who quickly latched onto it. It received very good malware detection scores, was extremely speedy, and was free. Not only was it available for free — it wouldn’t hassle you and try to upsell you to paid antivirus solutions, like AVG and avast! do. MSE was a breath of fresh air — both in its interface and its speedy performance. Its test results showed it was ahead of the pack, so it was the best antivirus at the time.

We’ve been recommending MSE as the free antivirus to use for years because of this. It’s included by default on Windows 8 and named “Windows Defender.” This is one of the big security improvements in Windows 8 — you have an antivirus included so every Windows user has protection. It would be nice if Windows users finally didn’t have to seek out a third-party antivirus.

Sliding Scores and Excuses

Over the past several years, Microsoft Security Essentials has slid in the malware detection scoring tests. AV-TEST’s 2011 annual review ranked Microsoft Security Essentials last place in protection among all the products it tested. In October 2012, Microsoft Security Essentials scored so low that it lost its AV-TEST certification. In June 2013, MSE received a zero protection score from AV-TEST — the lowest possible score. It’s also come last in other recent tests, including one by Dennis Technology Labs.

At the time, Microsoft argued that the tests were not representative of the real world. They said they were focused on trying to stop real-world threats, not compete in tests where the detection of rare malware was a significant factor. They argued that avoiding false positives was an important goal and that real-world experiences were more important than arbitrary test results.

Microsoft Has Stopped Trying

The Microsoft Security Essentials website promises “comprehensive malware protection” and “award-winning protection,” so users would be forgiven for believing that Microsoft was committed to making MSE a capable antivirus solution. But Microsoft is now saying that MSE is only basic protection that users shouldn’t rely on.

In an interview with Dennis Protection Labs, Holly Stewart, the senior program manager of the Microsoft Malware Protection Center, said that Microsoft Security Essentials was just a “baseline” that’s designed to “always be on the bottom” of antivirus tests. She said Microsoft sees MSE as a first layer of protection and advises Windows users to use a third-party antivirus instead.

According to Holly Stewart, Microsoft “had an epiphany a few years ago, back in 2011, where we realized we had a greater calling and that was to protect all Microsoft customers.” She says that Microsoft passes its information on to other antivirus makers and helps them make their products better. “We used to have part of our time directed towards predicting test results,” but these people have now been directed to focus on emerging threats and share that information with other antivirus companies.

She went on: “We’re providing all of that data and information to our partners so they can do at least as well as we are. The natural progression is that we will always be on the bottom of these tests. And honestly, if we are doing our job correctly, that’s what will happen.”

Nevertheless, she argues that “baseline does not equal bad” and says they provide a high-quality antivirus. But Microsoft themselves are recommending users not use MSE, so it’s hard to take that seriously. This isn’t a product average people should use — it’s better than no antivirus, but not something we should recommend. Microsoft is doing a disservice to its users by telling antivirus testing companies that they don’t recommend MSE for average users and telling average users that MSE provides them with “comprehensive malware protection” on their website. Microsoft needs to pick one message and stick to it.

If You’re a Geek, You Can Probably Get By With MSE

Now, if you’re a geek like we are, MSE and Windows Defender are very usable. If you have good security practices and know what you’re doing, you can probably manage just fine with this lightweight option. But average Windows users don’t always follow proper security practices and should use a strong antivirus that does well in tests — as Microsoft themselves now recommend.

If you’re a geek, you probably shouldn’t recommend MSE to your friends or install it on your parents’ computer. Yes, it’s a shame — MSE’s lightweight and hassle-free nature makes for a great interface and a faster computer. But the core of an antivirus is the detection engine, and Microsoft appears to be throwing in the towel here.

So What Should You Use?

To find an antivirus product that actually offers good protection, consult an antivirus test website and see how your antivirus of choice stacks up. If you don’t feel like doing all that research yourself, luckily we’ve done it for you.

You can see our full list of recommendations in this post, but when it comes to the best antivirus on the market, Kaspersky consistently ranks in the top of both the AV-Test and AV-Comparatives rankings, and we’ve used it with good results. It isn’t free, but most of the free antivirus out there is bundling extra nonsense these days. If you must use something free but aren’t satisfied with MSE’s protection, Avira Free Antivirus is a decent, not-too-intrusive option.

We’d like to apologize for continuing to recommend Microsoft Security Essentials for so long, in spite of the poor test results. We found it worked for us and we didn’t like how heavy and obnoxious other antivirus solutions can be. We believed Microsoft when they argued that MSE provided “comprehensive malware protection” for real-world threats and that antivirus tests weren’t representative of real-world results, as MSE performed well for us. We feel betrayed by Microsoft — they made an internal decision to let MSE decline without telling its users. They’re still communicating two different messages — one to antivirus testing companies in interviews and one to average users on their website.

For a good while I watched MSE go down in the rankings and tried to find alternatives that still had the light feel, without nags.

I was pleased to find that sweet spot of set-it-and-forget-it protection combined with substantially above-average test results (across AV-test as well as AV-comparatives). Panda Cloud Antivirus has been great. Simple and you never know it's there.

Only things to watch out for are the security toolbar it wants to install and the default search. I opt out of both of those. The new 2.0 version has some document protection features I don't like as well, but they're opt-in.

After having installed and used all the popular solutions including Avast!, AVG, BitDefender, Avira et al., I can recommend Panda as a clearly better experience.

I'm pretty sure I fall into the category of "geek," so I'm going to keep using it. I don't download anything dangerous, aside from the occasional torrent. As @binaryphile mentioned, I will switch to Panda Cloud if anything goes awry with Defender. One question, though @binaryphile: How does Panda Cloud impact boot times in Windows? I have my boot down to about 20 seconds, and I don't really want it to be much slower!

This is a bummer. I've always had luck with MSE myself and installed it for family members, co-workers, and friends and never heard from them again for anything other than "What's that warning from Security Essentials mean?"

This to me meant that it was doing its job. Now this means that it most likely is dumb luck and most of these users are just waiting to open the wrong door and let a new trojan roll right in. =S

Will HTG be publishing any findings on their opinion of a best overall solution? Is avast! enough for firewall, spyware, malware, and rootkits? or is it best to piece together a suite of software that specializes in each of these?

Is avast! enough for firewall, spyware, malware, and rootkits? or is it best to piece together a suite of software that specializes in each of these?

I prefer using my own suite of software. I use free Avast for my AV but I also use the paid version of MBAM, free SAS, free Spybot S&D, and free ZoneAlarm firewall. The free version of MBAM is good but the paid version does automatic updates, has full time protection, and will play well with an AV. The license is lifetime and transferable so there is only the one-time expense to buy it (and it often goes on sale), making it a bargain.

I also use Secunia PSI to monitor my programs for needed updates. Not all programs will check for updates and, of those that do, I generally prefer that they don't phone home. Avast also monitors for program updates, and often reports faster than PSI, but it isn't as thorough as PSI.

If I could have only one security program on my computer (thank God I don't!), it would be Avast.

Wow - this is a new low for Microsoft. Given their continuing struggle to maintain relevance, it seems something of an idiot move to admit a product is inadequate. Worse than that - they are essentially waving the white flag and - unless they announce this officially - are putting MSE users in a vulnerable position. I know what I'll be doing today....

Take a look for yourself, the test results are constantly being updated: AV Test, AV Comparatives (select Performance Test, year and month).

AV Comparatives puts performance impact just a shade worse than MSE, so it's about par.

I'm no expert on Panda beyond what the test results say, since there's not much to know. I just read the test results and over time they really seem to have kept within an epsilon of that sweet spot. That's why I recommend it to my friends, it's like MSE in a lot of ways, it just protects you better.

MBAM Pro provides both "File System" and "Malicious Website Blocking" protection in real time. Much better than WOT, the website feature will actually prevent your computer from connecting to any site which it rates as "malicious", and it informs you of the blockage, along with the IP address of the blocked site, in a little pop-up on the task bar. It has proven to be very effective on certain occasions and I have no doubt that feature has kept me out of hot water.

I've been a huge fan of WinPatrol for about ten years. The developer is a Microsoft MSVP - so he knows what he's doing. The program monitors your system in real time, and will warn you regarding any changes made to your system - including the addition, removal or replacement of .DLL files and registry entries.

SuperAntispyware Pro provides another layer of real-time protection and - like MBAM - updates its database automatically every day. The offers a number of additional tools and fixes for some common problems - such as changing of home page, loss of Start Menu, Task Manager, etc.

I run a daily quick scan with MSE and - along with those other programs - have yet to get myself into any serious trouble. While I'm not a real "geek" - I think I qualify under the heading of security.

What I do to be fair is:
1. Pay for Malwarebytes - a small price and I used their free version for years. Good to support such folks.
2. Use Avast on my wife's PC (free version)
3. I change suppliers of anti-virus from year to year after having used some free versions - Avira, Avast, and give them a year of paid use to give a bit of support. This year I am using Bitdefender (paid).
Not sure what I will do next year, maybe back to Avira or Avast.

Nowhere did Microsoft suggest that you use other tools. What they said is that they are sharing information with other companies.

What she did say was that the more people working actively on threats, the harder it was for the real bad guys to slip malware past whatever security suite you are using.

In my own personal experience helping friends and family with computer issues, MSE is still head and shoulders above the competition. This is for several reasons:

It still runs circles around most of the competition.
Low number of false positives compared to higher ranked software
Silent, automatic updates.

When you are dealing with non-computer savvy people, something that just works is the best bet. False positives and constant pop ups are the enemy, because you condition people to having to click a button to get rid of whatever annoying popup some program is giving them now.

My personal feeling is that these tests are far from accurate representations of real world performance.

Since these are just my personal experiences on the matter, gleaned from having to clean viruses off of Avast, Norton, McAfee, Avira, etc "protected" computers, and routinely scanning my MSE/WD protected computers with other programs to verify that MS is in fact, doing their jobs correctly.

After reading this article, I ran my own Antivirus test using 12 different Antivirus programs, one at a time, in VirtualBox. I found that ESET works well out of the box, although it is paid, it detected and removed 10/10 test viruses, including ones in 7-Zip archives. Kaspersky Antivirus had the same results, with a little tweaking. Avast! Free Antivirus found 3/10 viruses out of the box, but when I optimized all of the settings, it found all of the test viruses, and removed them almost instantly. I would say that, unlike other paid Antivirus software, Malwarebytes Anti-Malware PRO adds some very nice features over the free version, such as automatic updates, real-time protection, and a password lock. I'm not sure if I'm going to use Microsoft Security Essentials anymore. I can't really get rid of Windows Defender, so I keep it. I use System Restore and create full System Images regularly using the built in Windows feature, so I hope Microsoft doesn't say that those only offer "basic protection" as well. Another thing that helps is that I install all programs in a VirtualBox Machine and test them before I install anything on my host computer. I use Google Chrome because of its great Malware protection, and OpenDNS because it blocks Malware sites on the DNS level. My Windows account is secured with an enormous password. All of this and I still get the occasional virus, but I can usually fix that with a boot-time scan, a Windows Defender Offline (for boot) scan, and a Windows Repair Disc. All of this is, surprisingly, free, minus Malwarebytes Anti-Malware PRO, and with a fast enough computer, I still have my 7-second boot time, and that's with Windows 7.

So, you could use all of this with Windows, or you could use Linux or Mac OS and be done with it. For now, that is.

Unless you replace it with another firewall, such as ZoneAlarm or Comodo, you should leave the Windows firewall on.

Defender depends on whether you are using Win 7 or Win 8. In Win 7, it doesn't matter if you turn it off or leave it on as long as you have a decent AV in place. Defender in Win 8 is just another name for MSE and should be turned off and replaced with another AV.

I call BS on that. There's no way you'd have that many "malware" and not notice the effect on your system. Unless you go on the extremely seedy parts of the internet and/or intentionally download said malware, you would not have that many infections if you were using MSE.

I've been using MSE on the 7 systems in my house, for at least 4 years. MSE and nothing else. Of those 7 machines, 4 are machines that I rarely use. Assuming I use my systems responsibly and recognize a seedy application / site, and the other members of my house aren't tech savvy (which they aren't), it would mean those computers should have somewhere in the range of 5-10 "malware" installed.

Now, I haven't checked them with Malwarebytes, but I'm willing to bet they won't have nearly as many infections as that, if at all.

Ok, I'm sorry for the many images, but you asked a difficult question. These pictures show how to optimize the settings in Avast! Free Antivirus so as to detect 10/10 viruses rather than 3/10. This has worked well for me, but you might want to change the scheduling or performance settings so as to match your needs.

Microsoft are so bloody stupid. M-S-E/Windows Defender and Windows Movie Maker (the old XP/Vista pre-"Windows Live Movie Maker" versions) were the best software. Simple and easy to use, and free. Killing them instead of beefing them up is stupid.

After some thought I think I will continue using MSE and recommending it to those I support until such time as any of them actually get a virus. So far over the last three years or so none of them have.

Tests which bombard anti-virus programs with viruses and malware which normal folk will never see is not a realistic test to base a decision on.

None of my folks want to "monkey" with an antivirus, tweaking it so it gets the best results without NAGS. They are satisfied with a program that just works.

The one computer I have Avast on just reminds me two or three times a day how much I hate it.

I've been hearing so many bad stories about MSE's detection rate in the real world and it's failed so many tests that I still can't continue to recommend it. This is a "straw that broke the camel's back" situation for me.

MSE has worked fine for me personally, but I can no longer continue to ignore the experiences from people I respect who have seen it fail on real people's computers. I also can't ignore its consistently worsening test results.

I've been using MSE from day one and haven't had malware since so I ask: Why 'fix' what is clearly not broken? Coupled with Macrium Reflect, I've felt nothing but peace of mind. I don't care about tests... it's in the real world that matters.